Open Access
ARTICLE
Computer Forensics Framework for Efficient and Lawful Privacy-Preserved Investigation
1 Center of Excellence in Information Assurance, King Saud University, Riyadh, 11653, Saudi Arabia
2 College of Computer and Information Sciences, King Saud University, Riyadh, 11451, Saudi Arabia
* Corresponding Author: Waleed Halboob. Email:
Computer Systems Science and Engineering 2023, 45(2), 2071-2092. https://doi.org/10.32604/csse.2023.024110
Received 05 October 2021; Accepted 27 November 2021; Issue published 03 November 2022
Abstract
Privacy preservation (PP) in Digital forensics (DF) is a conflicted and non-trivial issue. Existing solutions use the searchable encryption concept and, as a result, are not efficient and support only a keyword search. Moreover, the collected forensic data cannot be analyzed using existing well-known digital tools. This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB) privacy guidelines. To have an efficient investigation process and meet the increased volume of data, the presented framework is designed based on the selective imaging concept and advanced encryption standard (AES). The proposed framework has two main modules, namely Selective Imaging Module (SIM) and Selective Analysis Module (SAM). The SIM and SAM modules are implemented based on advanced forensic format 4 (AFF4) and SleuthKit open source forensics frameworks, respectively, and, accordingly, the proposed framework is evaluated in a forensically sound manner. The evaluation result is compared with other relevant works and, as a result, the proposed solution provides a privacy-preserving, efficient forensic imaging and analysis process while having also sufficient methods. Moreover, the AFF4 forensic image, produced by the SIM module, can be analyzed not only by SAM, but also by other well-known analysis tools available on the market.Keywords
Cite This Article
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.